Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/649a98-339a-4f4b-8750-6e9d3b732b08/1/ua1yiGMv0TpQ_PB1-E4rLGVHm-U.roa
File:                     ua1yiGMv0TpQ_PB1-E4rLGVHm-U.roa (raw, json)
Hash identifier:          Z1cgpx24Cx93r6vFhK7XgdhrVyoO/JsE4NyuKoyhb1U=
Subject key identifier:   B9:AD:72:88:63:2F:D1:3A:50:FC:F0:75:F8:4E:2B:2C:65:47:9B:E5
Certificate issuer:       /CN=b56cb179b3db5c6b36cd3308340801fedb2b7d19
Certificate serial:       018CC56E44A39945CCD39F3D96ECA1A78FF8
Authority key identifier: B5:6C:B1:79:B3:DB:5C:6B:36:CD:33:08:34:08:01:FE:DB:2B:7D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tWyxebPbXGs2zTMINAgB_tsrfRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/649a98-339a-4f4b-8750-6e9d3b732b08/1/ua1yiGMv0TpQ_PB1-E4rLGVHm-U.roa
Signing time:             Mon 01 Jan 2024 14:29:47 +0000
ROA not before:           Mon 01 Jan 2024 14:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.47.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/649a98-339a-4f4b-8750-6e9d3b732b08/1/tWyxebPbXGs2zTMINAgB_tsrfRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/649a98-339a-4f4b-8750-6e9d3b732b08/1/tWyxebPbXGs2zTMINAgB_tsrfRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tWyxebPbXGs2zTMINAgB_tsrfRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:44:a3:99:45:cc:d3:9f:3d:96:ec:a1:a7:8f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b56cb179b3db5c6b36cd3308340801fedb2b7d19
        Validity
            Not Before: Jan  1 14:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9ad7288632fd13a50fcf075f84e2b2c65479be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e3:ba:2d:73:c9:cf:71:af:c7:d0:38:ea:f1:
                    6b:58:28:44:7d:63:5e:1c:5e:04:c1:ce:53:3a:e4:
                    e1:f9:bb:7e:ad:1e:bf:2a:ea:9d:f6:e9:e3:38:c0:
                    e1:88:7a:70:e2:e1:fb:dd:5c:e1:35:04:b9:91:92:
                    18:13:a8:0a:fe:61:74:55:27:82:5d:e4:66:dc:47:
                    8f:bd:87:44:d7:59:e8:39:8e:49:cf:33:93:af:fe:
                    c5:8e:72:ab:16:43:51:14:9c:ae:a3:94:a3:48:88:
                    39:fd:de:c9:94:c2:6b:5f:ac:cf:05:df:43:3d:5a:
                    a2:96:79:71:ca:93:4c:41:f8:58:ee:d2:b1:66:ea:
                    43:be:b5:fa:ac:5c:08:8a:42:dc:9d:71:d1:e7:60:
                    7f:6a:ac:a8:24:3d:de:4c:b3:2a:ea:67:79:ea:09:
                    52:c3:a2:74:06:46:b9:54:49:39:57:23:5a:e0:12:
                    da:87:cc:6c:71:87:d8:fe:cb:bd:95:bc:cc:15:47:
                    d4:01:2a:e1:be:41:f8:fa:22:23:83:4a:a5:68:fd:
                    c9:40:bf:0e:77:a1:a1:92:a0:53:88:b3:52:8d:39:
                    ff:43:1a:b2:21:4c:53:66:61:38:16:bd:e4:f7:03:
                    d5:fb:47:34:ce:20:dc:a3:54:d7:f9:41:1a:7a:ab:
                    6b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:AD:72:88:63:2F:D1:3A:50:FC:F0:75:F8:4E:2B:2C:65:47:9B:E5
            X509v3 Authority Key Identifier:
                keyid:B5:6C:B1:79:B3:DB:5C:6B:36:CD:33:08:34:08:01:FE:DB:2B:7D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tWyxebPbXGs2zTMINAgB_tsrfRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/649a98-339a-4f4b-8750-6e9d3b732b08/1/ua1yiGMv0TpQ_PB1-E4rLGVHm-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/649a98-339a-4f4b-8750-6e9d3b732b08/1/tWyxebPbXGs2zTMINAgB_tsrfRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.47.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1f:8a:c5:b1:db:bc:e7:7e:33:0b:d5:7e:16:f1:bd:53:52:f4:
         95:d4:b0:87:f4:6b:82:29:91:5a:75:98:e9:41:48:e8:f5:e7:
         25:aa:ea:25:40:e6:b1:5d:27:e1:1c:38:49:da:86:9b:4c:5c:
         43:62:f1:9e:d1:08:a7:ca:55:c2:35:7b:74:e9:6e:34:0c:86:
         de:09:c8:a3:2d:e2:d2:40:66:31:33:b6:54:d9:4b:87:62:d5:
         f3:49:a2:86:4b:4d:60:c1:b5:8a:e8:28:b4:bd:04:82:9c:6a:
         a9:28:6a:aa:48:b0:65:a4:bc:fa:2d:2a:bb:65:63:02:7b:83:
         19:23:04:ac:0b:f5:66:76:82:92:c4:4d:fc:14:05:26:1e:68:
         fe:08:02:d2:5f:3a:cc:90:85:8c:ae:c6:e7:ad:6d:73:c8:fc:
         74:51:1c:34:c1:68:e4:7b:7f:bc:74:f7:a1:49:d4:a4:d8:59:
         c9:18:d8:a2:65:db:36:dd:9e:48:8d:05:bb:d7:fa:99:39:02:
         fd:a6:27:ea:38:9e:1c:63:2e:27:3c:cd:7f:9a:50:52:7d:fe:
         47:ee:8b:44:f1:e1:91:52:58:e0:47:04:8a:20:e2:e7:1d:ec:
         ab:65:e0:57:22:5c:f7:67:3c:0f:54:21:51:a4:c4:72:ee:48:
         67:18:42:e8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbkSjmUXM0589luyhp4/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NmNiMTc5YjNkYjVjNmIzNmNkMzMwODM0MDgwMWZlZGIy
YjdkMTkwHhcNMjQwMTAxMTQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWFkNzI4ODYzMmZkMTNhNTBmY2YwNzVmODRlMmIyYzY1NDc5YmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreO6LXPJz3Gvx9A46vFrWChEfWNe
HF4Ewc5TOuTh+bt+rR6/Kuqd9unjOMDhiHpw4uH73VzhNQS5kZIYE6gK/mF0VSeC
XeRm3EePvYdE11noOY5JzzOTr/7FjnKrFkNRFJyuo5SjSIg5/d7JlMJrX6zPBd9D
PVqilnlxypNMQfhY7tKxZupDvrX6rFwIikLcnXHR52B/aqyoJD3eTLMq6md56glS
w6J0Bka5VEk5VyNa4BLah8xscYfY/su9lbzMFUfUASrhvkH4+iIjg0qlaP3JQL8O
d6GhkqBTiLNSjTn/QxqyIUxTZmE4Fr3k9wPV+0c0ziDco1TX+UEaeqtrxQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLmtcohjL9E6UPzwdfhOKyxlR5vlMB8GA1UdIwQY
MBaAFLVssXmz21xrNs0zCDQIAf7bK30ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFd5eGViUGJYR3MyelRNSU5BZ0JfdHNyZlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy82NDlhOTgtMzM5YS00ZjRiLTg3NTAt
NmU5ZDNiNzMyYjA4LzEvdWExeWlHTXYwVHBRX1BCMS1FNHJMR1ZIbS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy82NDlhOTgtMzM5YS00ZjRiLTg3NTAtNmU5ZDNiNzMyYjA4
LzEvdFd5eGViUGJYR3MyelRNSU5BZ0JfdHNyZlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjS8wDQYJ
KoZIhvcNAQELBQADggEBAB+KxbHbvOd+MwvVfhbxvVNS9JXUsIf0a4IpkVp1mOlB
SOj15yWq6iVA5rFdJ+EcOEnahptMXENi8Z7RCKfKVcI1e3TpbjQMht4JyKMt4tJA
ZjEztlTZS4di1fNJooZLTWDBtYroKLS9BIKcaqkoaqpIsGWkvPotKrtlYwJ7gxkj
BKwL9WZ2gpLETfwUBSYeaP4IAtJfOsyQhYyuxuetbXPI/HRRHDTBaOR7f7x096FJ
1KTYWckY2KJl2zbdnkiNBbvX+pk5Av2mJ+o4nhxjLic8zX+aUFJ9/kfui0Tx4ZFS
WOBHBIog4ucd7Ktl4FciXPdnPA9UIVGkxHLuSGcYQug=
-----END CERTIFICATE-----